Browse Source

Merge branch 'master' of shadowsocks/shadowsocks

master
breakwa11 5 years ago
parent
commit
e751534234
8 changed files with 144 additions and 29 deletions
  1. 1
    1
      .travis.yml
  2. 3
    0
      CHANGES
  3. 1
    1
      setup.py
  4. 27
    26
      shadowsocks/udprelay.py
  5. 1
    1
      tests/jenkins.sh
  6. 83
    0
      tests/test_udp_src.py
  7. 23
    0
      tests/test_udp_src.sh
  8. 5
    0
      utils/fail2ban/shadowsocks.conf

+ 1
- 1
.travis.yml View File

@@ -13,7 +13,7 @@ before_install:
- sudo dd if=/dev/urandom of=/usr/share/nginx/www/file bs=1M count=10
- sudo sh -c "echo '127.0.0.1 localhost' > /etc/hosts"
- sudo service nginx restart
- pip install pep8 pyflakes nose coverage
- pip install pep8 pyflakes nose coverage PySocks
- sudo tests/socksify/install.sh
- sudo tests/libsodium/install.sh
- sudo tests/setup_tc.sh

+ 3
- 0
CHANGES View File

@@ -1,3 +1,6 @@
2.6.11 2015-07-10
- Fix a compatibility issue in UDP Relay

2.6.10 2015-06-08
- Optimize LRU cache
- Refine logging

+ 1
- 1
setup.py View File

@@ -7,7 +7,7 @@ with codecs.open('README.rst', encoding='utf-8') as f:

setup(
name="shadowsocks",
version="2.6.11",
version="2.6.12",
license='http://www.apache.org/licenses/LICENSE-2.0',
description="A fast tunnel proxy that help you get through firewalls",
author='clowwindy',

+ 27
- 26
shadowsocks/udprelay.py View File

@@ -76,8 +76,9 @@ from shadowsocks.common import pre_parse_header, parse_header, pack_addr
BUF_SIZE = 65536


def client_key(a, b, c, d):
return '%s:%s:%s:%s' % (a, b, c, d)
def client_key(source_addr, server_af):
# notice this is server af, not dest af
return '%s:%s:%d' % (source_addr[0], source_addr[1], server_af)


class UDPRelay(object):
@@ -102,6 +103,7 @@ class UDPRelay(object):
close_callback=self._close_client)
self._client_fd_to_server_addr = \
lru_cache.LRUCache(timeout=config['timeout'])
self._dns_cache = lru_cache.LRUCache(timeout=300)
self._eventloop = None
self._closed = False
self._last_time = time.time()
@@ -172,37 +174,36 @@ class UDPRelay(object):

if self._is_local:
server_addr, server_port = self._get_a_server()
key = client_key(r_addr[0], r_addr[1], dest_addr, dest_port)
else:
server_addr, server_port = dest_addr, dest_port
addrs = socket.getaddrinfo(dest_addr, dest_port, 0, socket.SOCK_DGRAM, socket.SOL_UDP)
if addrs:
af, socktype, proto, canonname, sa = addrs[0]
key = client_key(r_addr[0], r_addr[1], af, 0)
else:
key = None

client = self._cache.get(key, None)
if not client:
# TODO async getaddrinfo
#logging.info('UDP handle_server %s:%d from %s:%d' % (common.to_str(server_addr), server_port, self._listen_addr, self._listen_port))
addrs = self._dns_cache.get(server_addr, None)
if addrs is None:
addrs = socket.getaddrinfo(server_addr, server_port, 0,
socket.SOCK_DGRAM, socket.SOL_UDP)
if addrs:
af, socktype, proto, canonname, sa = addrs[0]
if self._forbidden_iplist:
if common.to_str(sa[0]) in self._forbidden_iplist:
logging.debug('IP %s is in forbidden list, drop' %
common.to_str(sa[0]))
# drop
return
client = socket.socket(af, socktype, proto)
client.setblocking(False)
self._cache[key] = client
self._client_fd_to_server_addr[client.fileno()] = r_addr
else:
if not addrs:
# drop
return
else:
self._dns_cache[server_addr] = addrs

af, socktype, proto, canonname, sa = addrs[0]
key = client_key(r_addr, af)
logging.debug(key)
client = self._cache.get(key, None)
if not client:
# TODO async getaddrinfo
if self._forbidden_iplist:
if common.to_str(sa[0]) in self._forbidden_iplist:
logging.debug('IP %s is in forbidden list, drop' %
common.to_str(sa[0]))
# drop
return
client = socket.socket(af, socktype, proto)
client.setblocking(False)
self._cache[key] = client
self._client_fd_to_server_addr[client.fileno()] = r_addr

self._sockets.add(client.fileno())
self._eventloop.add(client, eventloop.POLL_IN)


+ 1
- 1
tests/jenkins.sh View File

@@ -69,7 +69,7 @@ if [ -f /proc/sys/net/ipv4/tcp_fastopen ] ; then
fi

run_test tests/test_large_file.sh
run_test tests/test_udp_src.sh
run_test tests/test_command.sh

coverage combine && coverage report --include=shadowsocks/*

+ 83
- 0
tests/test_udp_src.py View File

@@ -0,0 +1,83 @@
#!/usr/bin/python

import socket
import socks


SERVER_IP = '127.0.0.1'
SERVER_PORT = 1081


if __name__ == '__main__':
# Test 1: same source port IPv4
sock_out = socks.socksocket(socket.AF_INET, socket.SOCK_DGRAM,
socket.SOL_UDP)
sock_out.set_proxy(socks.SOCKS5, SERVER_IP, SERVER_PORT)
sock_out.bind(('127.0.0.1', 9000))

sock_in1 = socket.socket(socket.AF_INET, socket.SOCK_DGRAM,
socket.SOL_UDP)
sock_in2 = socket.socket(socket.AF_INET, socket.SOCK_DGRAM,
socket.SOL_UDP)

sock_in1.bind(('127.0.0.1', 9001))
sock_in2.bind(('127.0.0.1', 9002))

sock_out.sendto(b'data', ('127.0.0.1', 9001))
result1 = sock_in1.recvfrom(8)

sock_out.sendto(b'data', ('127.0.0.1', 9002))
result2 = sock_in2.recvfrom(8)

sock_out.close()
sock_in1.close()
sock_in2.close()

# make sure they're from the same source port
assert result1 == result2

# Test 2: same source port IPv6
# try again from the same port but IPv6
sock_out = socks.socksocket(socket.AF_INET, socket.SOCK_DGRAM,
socket.SOL_UDP)
sock_out.set_proxy(socks.SOCKS5, SERVER_IP, SERVER_PORT)
sock_out.bind(('127.0.0.1', 9000))

sock_in1 = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM,
socket.SOL_UDP)
sock_in2 = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM,
socket.SOL_UDP)

sock_in1.bind(('::1', 9001))
sock_in2.bind(('::1', 9002))

sock_out.sendto(b'data', ('::1', 9001))
result1 = sock_in1.recvfrom(8)

sock_out.sendto(b'data', ('::1', 9002))
result2 = sock_in2.recvfrom(8)

sock_out.close()
sock_in1.close()
sock_in2.close()

# make sure they're from the same source port
assert result1 == result2

# Test 3: different source ports IPv6
sock_out = socks.socksocket(socket.AF_INET, socket.SOCK_DGRAM,
socket.SOL_UDP)
sock_out.set_proxy(socks.SOCKS5, SERVER_IP, SERVER_PORT)
sock_out.bind(('127.0.0.1', 9003))

sock_in1 = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM,
socket.SOL_UDP)
sock_in1.bind(('::1', 9001))
sock_out.sendto(b'data', ('::1', 9001))
result3 = sock_in1.recvfrom(8)

# make sure they're from different source ports
assert result1 != result3

sock_out.close()
sock_in1.close()

+ 23
- 0
tests/test_udp_src.sh View File

@@ -0,0 +1,23 @@
#!/bin/bash

PYTHON="coverage run -p -a"

mkdir -p tmp

$PYTHON shadowsocks/local.py -c tests/aes.json -v &
LOCAL=$!

$PYTHON shadowsocks/server.py -c tests/aes.json --forbidden-ip "" -v &
SERVER=$!

sleep 3

python tests/test_udp_src.py
r=$?

kill -s SIGINT $LOCAL
kill -s SIGINT $SERVER

sleep 2

exit $r

+ 5
- 0
utils/fail2ban/shadowsocks.conf View File

@@ -0,0 +1,5 @@
[Definition]

_daemon = shadowsocks

failregex = ^\s+ERROR\s+can not parse header when handling connection from <HOST>:\d+$

Loading…
Cancel
Save